Charities Are Vulnerable To Severe Cyber Attacks

Uploaded on 2018-03-20 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

The UK’s charities could be at risk from a series of devastating cyber-attacks, intelligence officials from the National Cyber Security Centre have warned.

With around 200,000 charities registered in the UK, each one contains vast amounts of personal data and payment information on those that support them. This in turn makes them a huge target for the next wave of cyber-crime and potentially breaking the coming GDPR law.

In one case a charity lost £13,000 after its chief executive’s email was hacked. In a new report, experts at the centre, which is part of intelligence agency GCHQ, said charities are falling victim to a range of malicious activity, although the scale is unclear because of under-reporting.

The report said: “The NCSC believe there is considerable variation in charities’ understanding, approach to and application of cyber security". Some charities are aware their data is sensitive, valuable and vulnerable to malicious cyber activity. Fraud aimed at tricking employees with financial authority into transferring money is increasing, according to the report.

It highlighted one episode in which a charity lost £13,000 after the email of its CEO was hacked and a fraudulent message sent to its financial manager with instructions to release the funds.

Datasets containing personal details and financial information are an attractive target for criminals, the study noted. It said:

“Charity datasets may contain personally identifiable information of donors, trustees, patrons, partners, paid staff and volunteers.

“Some large charities hold several million donor records. The data may also include payment details relating to donations including card details.”

While cyber criminals are assessed as posing the greatest threat to the sector, charities are also seen as potentially attractive targets for nation states who “oppose or mistrust their activity”.

Alongside the threat assessment, the NCSC has published a guide outlining steps charities should follow to guard against attacks. They include advice on passwords, backing up data and protecting systems from malware.

NCSC director for engagement Alison Whitney said: “Cyber-attacks can be devastating both financially and reputationally, but many charities may not realise how vulnerable they are to the threat.

“That’s why we have created these quick and easy steps that will help charities protect themselves to protect their data, assets and reputation.”

Helen Stephenson, chief executive of the Charity Commission for England and Wales, said: “Charities play a vital role in our society and so the diversion of charitable funds or assets via cyber-crime for criminal purposes or personal gain is particularly damaging and shocking.

“The threat assessment confirms what we often see in our casework, unfortunately charities are not immune to fraud and cybercrime, and there are factors that can sometimes increase their vulnerability such as a lack of digital expertise, limited resources and culture of trust.

Huffington Post:     Image: Nick Youngson 

You Migh Also Read: 

Action Fraud: Social Media Used to Steal Charity Donations:

UK Fraud Hotspots Revealed:

 

« Millennials More Likely To Fall Victim To Cybercrime
On Twitter Fake News Gets More Traction Than Truth »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ACIS Professional Center

ACIS Professional Center

ACIS provides training and consulting services in the area of information technology, cybersecurity, IT Governance, IT Service management, information security and business continuity management.

OpenSphere

OpenSphere

OpenSphere is an IT company providing security consultancy, information system risk management and security management services.

Acalvio Technologies

Acalvio Technologies

Acalvio provides Advanced Threat Defense (ATD) solutions to detect, engage and respond to malicious activity inside the perimeter.

netfiles

netfiles

netfiles offers highly secure data rooms for sensitive business processes and secure data exchange.

ThreatGen

ThreatGen

ThreatGEN™ works with your team to improve your resiliency and industrial cybersecurity capabilities through an innovative and modernized approach to training and services.

Rigado

Rigado

Rigado's mission is to enable commercial IoT success by providing high-performance secure and scalable wireless edge connectivity and network infrastructure.

Elevate Security

Elevate Security

Elevate is the leading Security Behavior Platform, changing employee security habits while giving security teams unprecedented visibility.

WolfSSL

WolfSSL

wolfSSL is an embedded SSL/TLS library providing secure communication for IoT, smart grid, connected home, routers, applications, games, phones, and more.

Luxembourg House of Financial Technology (LHoFT)

Luxembourg House of Financial Technology (LHoFT)

Offering start-up incubation, co-working spaces including a soft-landing platform, the LHoFT connects and creates value for the entire Luxembourg FinTech ecosystem.

Bugv

Bugv

Bugv is a crowdsourcing cybersecurity platform powered by human intelligence where we connect businesses with cyber security experts, ethical hackers, bug bounty hunters from all around the world.

N2K Networks

N2K Networks

N2K Networks is the world’s first “news to knowledge” network. The news to knowledge network is how you stay at the cutting edge in a rapidly changing world.

People Driven Technology

People Driven Technology

People Driven Technology is a customer-obsessed organization. We leverage our decades of business, technology, and engineering experience to deliver outcomes for our clients.

BAE Systems

BAE Systems

BAE Systems develop, engineer, manufacture, and support products and systems to deliver military capability, protect national security, and keep critical information and infrastructure secure.

Coffee Cup Solutions

Coffee Cup Solutions

We offer a full spectrum of IT Services, from our UK based Helpdesk to IT Consultancy and Cyber Security. Our team has the skills and experience to develop, deliver and manage IT for your business.

OxCyber

OxCyber

OxCyber's mission is to ignite and encourage cybersecurity and technology growth in the Thames Valley through meetings, webinars, in person events, workshops and mentorship programs.

Codezero Technologies

Codezero Technologies

Codezero is at the forefront of microservices development, employing an identity-aware overlay network that delivers zero-trust security to DevOps.